This is the second version. It adds a strategy for the sysctls so that we
can reject any change to a value that was already negative. This way it's
possible to disable modify_ldt temporarily or permanently (eg: lock down a
server) as suggested by Kees.
Willy Tarreau (2):
sysctl: add a new generic strategy to make permanent changes on
negative values
x86/ldt: allow to disable modify_ldt at runtime
Documentation/sysctl/kernel.txt | 16 +++++++++++++
arch/x86/Kconfig | 17 ++++++++++++++
arch/x86/kernel/ldt.c | 15 +++++++++++++
kernel/sysctl.c | 50 +++++++++++++++++++++++++++++++++++++++++
4 files changed, 98 insertions(+)
--
1.7.12.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
